assume role with web identity?

[DyfanJones]

Possible method for connecting to AWS Athena.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_request.html#api_assumerolewithwebidentity

https://developer.amazon.com/docs/login-with-amazon/web-docs.html

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sts.html#STS.Client.assume_role_with_web_identity

[DyfanJones]

This is a large piece of work and this ticket is only to float the idea of possible methods to connect to AWS Athena

[DyfanJones]

This could be outside of RAthena and noctua similar to how bigrquery connect using the package gargle

[DyfanJones]

As AWS can utilise googles identifier, then possibly gargle package could be used

[DyfanJones]

This blog seems promising: https://adisarid.github.io/post/2019-08-10-cognito-shiny-authentication/ From a quick glance it seems that the base cognito url needs to be hosted

base_cognito_url <- "https://YOUR_PREEDEFINED_AWS_COGNITO_DOMAIN.amazoncognito.com/"

However my understanding is still very new and vague.

[DyfanJones]

Possibly could use: https://github.com/chi2labs/cognitoR

[JonMerlevede]

I am wondering what the use case for this feature would be. I am currently using RAthena together with web identity authentication, and it works perfectly.

RAthena calls on Boto3 to communicate with AWS. Boto3 implements the whole AWS default credentials chain. If there is a need, I can configure Boto3 by describing a custom profile in ~/.aws/profile.

[DyfanJones]

Fair point, i haven't had time to investigate this any further. However it is possible it to redundant now due what you mentioned :)